Encryption devices are used to send and receive data communication via open networks and to secure this communication against manipulation, monitoring, and/or interception. An encryption device may protect the data communication against manipulation by using cryptographic check sums (message authentication code, digital signatures) or by using an authenticated encryption mode, protecting the integrity of sent and received data communication and ensuring the authenticity of communication peers. An encryption device may cryptographically protect only the integrity of data communication by using an integrity-only ciphersuite. It may protect the confidentiality of data communication by encrypting/decrypting the data. An encryption device may protect both the integrity and the confidentiality of data communication. Many industrial field devices require a security configuration, for example for connection to a remote entity, for example a remote network, like a virtual private network (VPN) access device. In other field devices an authentication of a user can be required, for example for service access to a medical imaging device.
Establishment and/or activation of such a security configuration and/or authentication of a user is known to be possible by several means, for example: explicit configuration by an administration interface, loading of a configuration from a configuration memory module, loading of a configuration from a configuration server, auto-configuration (so-called “plug and work”). Furthermore, training is known from methods such as pairing, teach-in, Wi-Fi Protected Setup (WPS) from application fields such as Bluetooth and Wi-Fi connections. In such cases, the security configuration is trained for example upon a first activation of a device or upon a keypress. Training can be protected by different methods. For example, training can be only possible in a short time interval following a keypress of a device. Protection can also be provided by other technical measures. For example, a personal identification number (PIN) or password has to be entered by user or a PIN is checked by the device in another form.
In the field of on-line banking services, so-called “flicker-codes” are known. An example for such a flicker-code based system may be found here: https://agses.net/the-agses-technology/three-basic-components/flicker-code-generator/, retrieved Apr. 12, 2018, https://agses.net/how-agses-works-simple-and-secure/, retrieved Apr. 12, 2018.
In a flicker-code based authentication procedure, security code is optically modulated and displayed on a screen. Displaying on the screen can be achieved by using images on a web page, which are displayed by screen. A receiving device is then used to receive flicker code and decode it. To this end the receiving device must be held by a user against the screen displaying the flicker code at a given angle.
Entering a PIN can be a cumbersome task, requiring at least one hand of the user. While PINs with a larger number of digits provide an elevated level of security (at least when different digits are used), the length of PINs is limited in practice, as longer PINs increase the risk of wrong input by the user and are inconvenient for a user to enter. Similar to PINs, also a password or another authentication code may be used. String passwords or authentication codes, e.g., a hexadecimal authentication code, are tedious to enter, in particular on devices without an alphanumeric keyboard.
On the other hand, flicker codes may be recorded by an attacker by observing the screen on which they are displayed, giving a possibility for attacks. The correct detection of the flicker code by the receiving device may depend upon environmental conditions, e.g. the illumination of the screen by other light sources. Also, holding the receiving device at the required angle for detection requires the attention of the user and may be cumbersome or even impractical in some applications, for example if field devices have a screen in inconvenient location for authentication or no screen at all.
The document U.S. Pat. No. 8,531,247 B2, the document the document U.S. Pat. No. 8,892,616 B2, the document U.S. Pat. No. 8,300,811 B2, the document U.S. Pat. No. 9,147,088 B2, the document U.S. Pat. No. 9,584,311 B2, the document EP 2976707 B1, the document EP 2 605 445 B1, the document EP 2 870 565 A1, the document EP 2 891 102 A1, the document WO 2017137256 A1, the document EP 2870565 B1, the document EP 3028140 B1, the document EP 17175275, and the document U.S. Pat. No. 8,843,761 B2 are known from art.
From different field it is known to use suction cups as attachment to detachably attach mechanical hooks, for example towel holders, to tiles, or GPS navigation systems to windshields in cars.